02 January 2016

When it became clear that the EU and US were planning to start negotiations for what would be the world's largest trade agreement, people naturally started analysing its various aspects and possibilities. This formed a kind of conceptual framework for TTIP/TAFTA. But in a stunning demonstration of the fact that it's foolish to think that those frameworks are anything more than contingent and provisional, Edward Snowden's revelations about massive spying by the NSA (with quite a lot of help from GCHQ) has introduced an important new element.

Although there was some talk of cancelling the negotiations completely in the wake of the leaks, that was never a realistic possibility given the vested interests here. But as Snowden's documents have continued to appear, each one filling out the picture of total online surveillance, so the anger has been building up in Europe. One manifestation of that came in a speech from Viviane Reding , Vice-President of the European Commission, EU Justice Commissioner who said:

data protection is a fundamental right. The reason for this is rooted in our historical experience with dictatorships from the right and from the left of the political spectrum. They have led to a common understanding in Europe that privacy is an integral part of human dignity and personal freedom. Control of every movement, every word or every e-mail made for private purposes is not compatible with Europe's fundamental values or our common understanding of a free society.

She then went on to make the following significant call:

This is why I warn against bringing data protection to the [TTIP] trade talks. Data protection is not red tape or a tariff. It is a fundamental right and as such it is not negotiable.

That was back in October. At around the same time, the Civil Liberties, Justice and Home Affairs (LIBE) committee was conducting a major inquiry into the mass surveillance of EU citizens. It has just agreed its final report and recommendations:

The text, passed by 33 votes to 7 with 17 abstentions, condemns the “vast, systemic, blanket collection of personal data of innocent people, often comprising intimate personal information”, adding that “the fight against terrorism can never be a justification for untargeted, secret or even illegal mass surveillance programmes”.

"We now have a comprehensive text that for the first time brings together in-depth recommendations on Edward Snowden's allegations of NSA spying and an action plan for the future. The Civil Liberties Committee inquiry came at a crucial time, along with Snowden´s allegations and the EU data protection regulation. I hope that this document will be supported by the full Parliament and that it will last beyond the next European Parliament's mandate", said rapporteur Claude Moraes (S&D, UK), after the vote.

The recommendations are wide-ranging, but in this update's context here's the key one:

Data protection must be excluded from trade talks

Parliament's consent to the final Transatlantic Trade and Investment Partnership (TTIP) deal with the US “could be endangered as long as blanket mass surveillance activities and the interception of communications in EU institutions and diplomatic representations are not fully stopped and an adequate solution for data privacy rights of EU citizens, including administrative and judicial redress is not found”, MEPs say.

Parliament should therefore withhold its consent to the TTIP agreement unless it fully respects fundamental rights enshrined in the EU Charter, the text adds, stressing that data protection should be ruled out of the trade talks.

It's worth exploring what that means in practice.

The European Parliament has no power to demand that data protection be removed from TTIP, so instead the LIBE committee wants to apply some pressure indirectly. Since any final TAFTA/TTIP agreement must be approved by a plenary vote in the European Parliament, a statement that it would not give its approval if there were a data protection chapter means that the European Commission, which is responsible for the negotiations, would be aware of the risk of including it. It might decide that it would be better to drop data protection in order not to antagonise the European Parliament before the big "yes" or "no" vote on TTIP.

However, the US has been adamant that data protection must be included in TTIP: that's because all the most powerful US Internet companies – Google, Microsoft, Facebook etc. - need it so that they can continue to take data about European citizens out of Europe and use it as they wish. They do this currently under the so-called Safe Harbour scheme, which is, in fact, not very safe for Europeans – something mentioned by the LIBE committee's report:

The Terrorist Finance Tracking Programme (TFTP) deal should also be suspended until allegations that US authorities have access to EU citizens’ bank data outside the agreement are clarified, say MEPs. The EU-US data protection framework agreement to be struck in spring 2014 must ensure proper judicial redress for EU citizens whose personal data are transferred to the US, they add.

If the LIBE committee's recommendation to keep data protection out of TAFTA/TTIP is accepted by the European Parliament, this will create a big problem for the European Commission's TTIP negotiators, since the US will be pushing very hard to keep data protection in the agreement. The European Parliament vote is scheduled to take place in March, and I'll be writing about what we should be saying to our MEPs nearer the time.

About Me

I have been a technology journalist and consultant for 30 years, covering
the Internet since March 1994, and the free software world since 1995.

One early feature I wrote was for Wired in 1997:
The Greatest OS that (N)ever Was.
My most recent books are Rebel Code: Linux and the Open Source Revolution, and Digital Code of Life: How Bioinformatics is Revolutionizing Science, Medicine and Business.